Sign-up

ID

VAR-201803-1080


CVE

CVE-2016-8785


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008969

DESCRIPTION

Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. plural Huawei The product contains an input validation vulnerability.Information may be obtained. The Huawei S9700, S5700, S7700, and S9700 are the switch devices of Huawei (Huawei). Multiple Huawei Products are prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Huawei S12700 and others are all intelligent routing switches of China Huawei (Huawei). The following products and versions are affected: Huawei S12700 V200R007C00, V200R008C00; S5700 V200R007C00; S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00

Trust: 2.52

sources: NVD: CVE-2016-8785 // JVNDB: JVNDB-2016-008969 // CNVD: CNVD-2016-13267 // BID: 95149 // VULHUB: VHN-97605

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-13267

AFFECTED PRODUCTS

vendor:huaweimodel:s7700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r002c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r005c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r008c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s5700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s7700scope:eqversion:v200r006c00

Trust: 1.6

vendor:huaweimodel:s12700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s9700scope:eqversion:v200r007c00

Trust: 1.6

vendor:huaweimodel:s7700 v200r005c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r002c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r006c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r008c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s5700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s7700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s9700 v200r007c00scope: - version: -

Trust: 0.9

vendor:huaweimodel:s12700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s5700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s7700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700scope: - version: -

Trust: 0.8

vendor:huaweimodel:s9700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s7700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s5700 v200r009c00spc500scope:neversion: -

Trust: 0.3

vendor:huaweimodel:s12700 v200r009c00spc500scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-13267 // BID: 95149 // JVNDB: JVNDB-2016-008969 // CNNVD: CNNVD-201612-757 // NVD: CVE-2016-8785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8785
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8785
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-13267
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-757
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97605
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8785
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-13267
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97605
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8785
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-13267 // VULHUB: VHN-97605 // JVNDB: JVNDB-2016-008969 // CNNVD: CNNVD-201612-757 // NVD: CVE-2016-8785

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-97605 // JVNDB: JVNDB-2016-008969 // NVD: CVE-2016-8785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-757

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201612-757

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008969

PATCH
title:huawei-sa-20161228-04-vrpurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-04-vrp-en
Trust: 0.8
title:Patches for multiple HuaweiVRP platform switch input verification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/87001
Trust: 0.6
title:Various Huawei product input verification vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66714
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-13267 // 
            
            
            
            JVNDB: JVNDB-2016-008969 // 
            
            
            
            CNNVD: CNNVD-201612-757

EXTERNAL IDS
db:NVDid:CVE-2016-8785
Trust: 3.4
db:BIDid:95149
Trust: 2.0
db:JVNDBid:JVNDB-2016-008969
Trust: 0.8
db:CNNVDid:CNNVD-201612-757
Trust: 0.7
db:CNVDid:CNVD-2016-13267
Trust: 0.6
db:VULHUBid:VHN-97605
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-13267 // 
            
            
            
            VULHUB: VHN-97605 // 
            
            
            
            BID: 95149 // 
            
            
            
            JVNDB: JVNDB-2016-008969 // 
            
            
            
            CNNVD: CNNVD-201612-757 // 
            
            
            
            NVD: CVE-2016-8785

REFERENCES
url:http://www.securityfocus.com/bid/95149
Trust: 1.7
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-04-vrp-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8785
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8785
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161228-04-vrp-cn
Trust: 0.6
url:http://www.huawei.com
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-04-vrp-en
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-13267 // 
            
            
            
            VULHUB: VHN-97605 // 
            
            
            
            BID: 95149 // 
            
            
            
            JVNDB: JVNDB-2016-008969 // 
            
            
            
            CNNVD: CNNVD-201612-757 // 
            
            
            
            NVD: CVE-2016-8785

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 95149

SOURCES
db:CNVDid:CNVD-2016-13267
db:VULHUBid:VHN-97605
db:BIDid:95149
db:JVNDBid:JVNDB-2016-008969
db:CNNVDid:CNNVD-201612-757
db:NVDid:CVE-2016-8785

LAST UPDATE DATE
2024-11-23T22:12:39.041000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-13267date:2016-12-29T00:00:00
db:VULHUBid:VHN-97605date:2018-03-26T00:00:00
db:BIDid:95149date:2017-01-12T06:07:00
db:JVNDBid:JVNDB-2016-008969date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201612-757date:2018-03-12T00:00:00
db:NVDid:CVE-2016-8785date:2024-11-21T03:00:04.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-13267date:2016-12-29T00:00:00
db:VULHUBid:VHN-97605date:2018-03-09T00:00:00
db:BIDid:95149date:2016-12-28T00:00:00
db:JVNDBid:JVNDB-2016-008969date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201612-757date:2016-12-29T00:00:00
db:NVDid:CVE-2016-8785date:2018-03-09T21:29:00.377